The Benefits of Sock Puppets in Open-Source Intelligence (OSINT)

A Sock Puppet is fake persona, or an alternative online identity used to collect and investigate open-source information on a target.  The main goal of the Sock Puppet is to not have the profile linked back to the investigator.

This is vital as to provide operational security (OPSEC) to protect the investigator from retaliation or to prevent bringing awareness to the target that they are being investigated by a specific entity.

Maintaining and managing a sock puppet also requires a detailed understanding of the many different platforms the investigator will used to create accounts for the fake persona.  As these policies change, so can the information that is disclosed or shared publicly.

To effectively create and use a functional sock puppet here are a few recommendations:

  1. To anonymize the account so that it does not record the original IP address or location, the use of a VPN or TOR while creating the account is highly recommended. In addition, it is recommended doing so from a public Wi-Fi connection.
  2. Certain social media platforms such as Facebook may prevent individuals from creating an account from a VPN or TOR connect. In that case, using a public Wi-Fi is recommended.
  3. When logging to the sock account, be sure to always use a VPN, TOR or public Wi-Fi, under no circumstances should the creator use a direct IP address that may link back to them.
  4. Make the account as legitimate as possible by producing daily activities, using it for a long period of time and making online connections.
  5. When creating a name for the account, it is recommended using a fake name generator. In doing so, the investigator will be provided with an identity of a person that has never existed.  The identity will have a name, address, mother’s maiden name, weight, height, date of birth, in addition to many other useful information need to create a person.  Female accounts then to have more success when creating a sock puppet.
  6. Now that an identity has been created, providing an image is highly recommended. The creator has two options, using a cartoon avatar or providing an image of a human that does not exist through the use of artificial intelligence.  Never use a real person’s face as individuals can use tools such as Google identify the photo’s original owner.
  7. When creating an email account for the sock puppet, it is recommended using any email provider such as, or to name a few. As previously stated, be sure the IP address cannot be link to the creator.
  8. Obtain a burner cell phone and SIM card that can be used account verification. Be sure to not have the phone linked back to the investigator by paying with cash or a privacy-based credit card.
  9. Having more than one sock puppet is highly recommended in case something goes wrong, the investigator will have an active back-up.

Sock Puppets are important for the protection of the investigator, things change fast in the online world, and it is important the investigator keep up with the changes.

The Open-Source Intelligence (OSINT) Cycle

Open-source intelligence, or OSINT, refers to the process of collecting information from public and legal data sources to serve a specific function. Some open sources components might include social media, videos, blogs, news, and the web (surface, Deep and Dark Web).

OSINT encompasses 5 phases in its process. The following diagram shows the OSINT cycle.

  1. Source Identification – It is the initial phase of the OSINT process. The OSINT investigator (Black Hat or White Hat) identifies the potential sources from which information will be gathered.
  2. Data harvesting – In this phase, the OSINT investigator collects and harvests information from the select sources and other sources that are discovered.
  3. Data processing and information- During this phase, the OSINT investigator processes the harvest information for actionable observation by searching for information that may assist in the enumeration.
  4. Data analysis – In this phase, the OSINT Investigator performs data analysis of the processed information using OSINT analysis tools and techniques.
  5. Results delivery – It is the final phase in the OSINT analysis and findings are reported to the stake holders.

Benefits of STEM Summer Camps

STEM summer camps can make summer learning fun and exciting by teaching kids about science, technology, engineering, and math.  The camps can give children an opportunity to continue learning more about a concept they were introduced to during the school year or event explore different STEM concepts they may not learn about in their classrooms. In just one summer, kids discover not only their passion for learning but perhaps even their future career path.

Learn Basic STEM Skills

Instead of forgetting the STEM concepts they’ve learned at school, kids can practice those concepts and apply them in hands-on activities and real-life scenarios.  For example, using robotics to implement a manufacturing solution, implementing code to sort through data or conducting a chemical experience to determine the acidity.

In addition to the STEM activities, participant of the camo will start developing soft skills like communication, critical thinking, and problem-solving.  These skills will help them in their future careers and lives by working together, using their imagination, and enhancing their communication skills while solving multiple challenges.

How to Find a STEAM Summer Camp for Kids?

There are many schools and institutions offering STEM summer camps for kids and each of them may use different programs and approaches. To choose the right one, consider the following factors.

Your budget

How much are you willing to spend on this year’s summer camp? It’s no secret that summer camps can be pricey especially if you are enrolling more than one child and if the program requires them to live on the campus. That’s why it’s important to consider your budget for everything, including lodging, transportation, and food. Do your research first, then pick the one that suits your budget and other requirements at the same time.

You and your children’s preferences

Are you okay with the kids staying at the camp? Will they be able to take care of themselves if you are not around? Are they old enough to join a sleep-away camp? These are some of the questions you need to ask before enrolling them to STEM summer camp for kids. Think about these things very well while researching to select one that works for your family.


You want to know what kinds of activities, classes, workshops they are going to do during the camp. These vary from institution to institution, so compare them carefully. You also want to find out how many kids are going to be there per class. More often, small classes are better because teachers can provide individualized attention and kids get to know each other more.

The camp learning environment

If the camp offers open houses, grab this opportunity to take a tour. Make sure to take your child with you. Surveying the place before sending your kids is a must. It gives you an opportunity to speak with the staff, directors, and counselors and get to know more about their experience.

U.S. Can Expect to see more Ransomware Attacks

In the cybersecurity space, there are many things we do not all agree on, but one thing I have noticed in the past year is that we all agree that the U.S. can expect to see more ransomware attacks as the nation recover from recent attacks which included the District of Columbia Police Department, The Colonial Pipeline and now the JBS meat plant.  These will continue to increase, especially in the state, local environment, as well as in the critical infrastructure and manufacturing space.

There are two main reasons for this trend:

  1. Organizations are not implementing the basic security controls thus allowing attackers to take advantage of easy attack vectors. A major of the critical infrastructure in the U.S. are operated by private organizations with very little IT and security regulations.
  2. Many organizations are frequently deciding to pay the ransom after they have been attacked. Security researchers and law enforcement often recommend organizations not to pay the ransoms, but when stakeholders and the media are applying pressure, organizational leader must do what is best for the organization.  This validates the ransomware industry and their frequency and tactics become more sophisticated.

This recent attack seems to have a Russian’s group fingerprint associated to it just like the pipeline event.  Many security researchers, law enforcement officials and politicians are recommending in conjunction to increasing regulations on U.S. based organizations, the U.S. must also impose sanctions against countries that allow these types of activities to occur inside their borders.

Bad Ending for Washington, D.C.’s Metropolitan Police Department (MPD) after a Ransomware Attack

A group of ransomware hackers known as “Babuk” leaked internal police files from the Washington, D.C. Metropolitan Police Department (MPD).  The information was stolen in late April.  The type of information that was released included officers’ personal information including psychological evaluations, credit history and Social Security numbers.  In addition, the leaked information included polygraph tests, social media posts, employment history, financial liabilities and scanned copies of officers’ driver’s licenses.  The leak occurred due to a break down in negotiations between MPD and Babuk who claimed the monetary offer the department made to prevent the leak was not enough.  Babuk claimed to have stolen approximately 250 GB of information from the department which can equate to 127,000 songs or 37, 600 photos on your computer.

Security experts often recommend not paying the ransom after such an attack as it would only continue to fuel the ransomware tactics.  Even the FBI has issued a statement regarding this type of cyber-attack stating:

“The FBI does not support paying a ransom in response to a ransomware attack,” the agency advises. “Paying a ransom doesn’t guarantee you or your organization will get any data back. It also encourages perpetrators to target more victims and offers an incentive for others to get involved in this type of illegal activity.”

Babuk’s tactics differ to the tactics of DarkSide in Babuk stole the data and threatened to release it unless a ransom demand was met while DarkSide encrypted files and demanded a ransom in exchange for unlocking them.

Colonial Pipeline Ransomware Attack

One of the nation’s largest fuel pipelines has been forced to shut down after being affected by a ransomware cyberattack.  Ransomware is a form of malware that encrypts a victim’s files. The attacker then demands a ransom from the victim to restore access to the data upon payment.

Colonial Pipeline was forced to shut down its entire network as well as proactively take various systems offline to contain the threat, halting all pipeline operations.  The massive US pipeline runs 5500 miles from Houston to New Jersey and transport 45% of all fuel to the East Coast.

The President has been briefed and the White House stated it is working with the organization to avoid disruption to supply and restore pipeline operations as quickly as possible, but it is still unclear to how long the pipelines will be off the grid.

Experts warn a prolonged delay could eventually impact consumers.

This latest attack comes amid growing concerns about the nation’s cybersecurity posture.  Last December a massive software breach at Texas based SolarWinds was identified, where hackers reportedly gained access to the emails at U.S. government agencies.  Also, in Florida, investigators stated hackers took control of the computer systems of a water treatment facility in an attempt to tamper with the water supply.

It’s important that organization take these attacks seriously since these attacks will continue and are not going away.  So, it’s imperative that if you’re an owner operator of critical infrastructure that you invest in the cybersecurity controls.

Update: 5/10/21 at 7:40 am EST

A Russian criminal group may be responsible for a ransomware attack that shut down a major U.S. fuel pipeline, two sources familiar with the matter said Sunday.

The group, known as DarkSide, is relatively new, but it has a sophisticated approach to the business of extortion, the sources said.